MDTI API sample Jupyter Notebooks

This repo contains sample notebooks for using the Microsoft Defender Threat Intelligence API.
These Jupyter Notebooks demonstrate the usage of the MDTI API endpoints that allow users to access their attack surface data easily using Python in an interactive environment.
Available endpoints/actions: Host Information, Reputations & Score, Components, Cookies, Trackers, Threat Articles, Threat Profiles, Vulnerabilities, Passive DNS
Instructions to use the notebooks

Recommended: use VS Code with the Python and Jupyter extensions. Follow these steps:

1. Install VS Code.
2. Add the Python Extension for VS Code. Once configured, run pip install requests.
3. Add the Jupyter Extension for VS Code.
4. Enter the required MDTI information (tenantId, subscriptionId, resourceGroupName, workspaceName, region, service principal clientId, & clientSecret).

MDTI API documentation can be found here: https://learn.microsoft.com/en-us/defender/threat-intelligence/reputation-scoring
Azure AD Authentication details can be found here, https://docs.microsoft.com/en-us/rest/api/azure/#how-to-call-azure-rest-apis-with-postman
Blog on MDTI APIs in Graph: https://techcommunity.microsoft.com/t5/microsoft-defender-threat/what-s-new-apis-in-microsoft-graph/ba-p/3780350
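The notebooks need a service principal clientId and clientSecret. The sketch below is an added example, not code from this repo: it reads those values from environment variables instead of typing them into a cell, keeps the secret out of printed output, and builds the client-credentials token request. The environment variable names, the v2.0 token endpoint and the Microsoft Graph scope are assumptions; adjust them to what your notebook expects.

```python
import os
from dataclasses import dataclass, field

# Assumed environment variable names (not defined by the notebooks).
REQUIRED = ("MDTI_TENANT_ID", "MDTI_CLIENT_ID", "MDTI_CLIENT_SECRET")

@dataclass(frozen=True)
class ServicePrincipal:
    tenant_id: str
    client_id: str
    client_secret: str = field(repr=False)  # never shown in cell output or logs

def load_service_principal(env=os.environ):
    """Read credentials from the environment; fail early and name what is missing."""
    missing = [name for name in REQUIRED if not env.get(name, "").strip()]
    if missing:
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    return ServicePrincipal(*(env[name].strip() for name in REQUIRED))

def build_token_request(sp, scope="https://graph.microsoft.com/.default"):
    """Return (url, form) for an OAuth 2.0 client-credentials token request."""
    # The tenant goes into the URL path, so accept only GUID or domain characters.
    if not sp.tenant_id.replace("-", "").replace(".", "").isalnum():
        raise ValueError("tenant_id contains unexpected characters")
    url = f"https://login.microsoftonline.com/{sp.tenant_id}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": sp.client_id,
        "client_secret": sp.client_secret,
        "scope": scope,  # assumption: Microsoft Graph scope
    }
    return url, form

def fetch_token(sp, timeout=10):
    """Network call (not executed on import); returns the bearer token string."""
    import requests  # installed in the setup steps above
    url, form = build_token_request(sp)
    resp = requests.post(url, data=form, timeout=timeout)
    resp.raise_for_status()
    return resp.json()["access_token"]

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample_env = {
        "MDTI_TENANT_ID": "00000000-0000-0000-0000-000000000000",
        "MDTI_CLIENT_ID": "11111111-1111-1111-1111-111111111111",
        "MDTI_CLIENT_SECRET": "constructed-secret",
    }
    sp = load_service_principal(sample_env)
    print(sp)                          # the secret is omitted from the repr
    print(build_token_request(sp)[0])  # token endpoint for this tenant
```

Clear notebook outputs before committing, since a token or response printed in a cell is saved in the .ipynb file.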
Suggestions and feedback

We value your feedback. Let us know if you run into any problems, or share your suggestions and feedback with the MDEASM Go-To-Production (GTP) Customer Experience Engineering (CxE) Team. Email: [email protected]